Finally, if people you don’t know are getting email “From:” you — the most common scenario of all — there’s probably nothing wrong. Keep reading.

It’s not your fault

You’re minding your own business, and one day you get a message from someone you’ve never heard of, asking you to stop sending them email. Worse, they’re angry about it. Or worse yet, they accuse you of trying to send them malware!

But you don’t know them, you’ve never heard of them, and you know you’ve never sent them email.

Welcome to the world of email malware, where you can get blamed for someone else’s infection. And there’s worse news to come.

Before I get to that, there is a small possibility your email account has been compromised. The solution there is quite simple: change your password immediately. Assuming you choose a strong password, that should prevent someone from continuing to use your account for malicious purposes. (If you find that your account has indeed been compromised, you may want to do more. Check out Email Hacked? 7 Things You Need to do NOW.)

Account hacks, while they happen, are not the most common cause for the situation that I’ve described; spammers are.

What’s worse? There’s almost nothing that you can do.

From forgery

Spammers forge the “From:” address for the email they send. This technique is referred to as “from spoofing“.

Spammers use any email address they can find. That could include other email addresses they’re sending to, email addresses fed to them by a botnet, email addresses harvested online, or perhaps even the addresses in the address books of infected machines. For instance, your email address can end up in the address books of people you don’t know. Some email programs automatically collect email addresses included on messages received, or possibly from forwarded email.

If they can, spammers try to make it look like the email comes from someone you know, often by discovering who your friends are on social media and other sites.

They use all this information to create and send email messages with your name and email address in the “From:” line — email you never sent.

Peter, Paul, and Mary’s email

Let’s use a concrete example.

Peter’s address book includes entries for his friends, Paul and Mary. Paul and Mary have never met, have never exchanged email, and do not know each other; they each just know Peter.

Peter’s machine becomes infected with malware of some sort, which collects information from his address book. The virus on Peter’s machine sends email with the virus to Paul, looking like it came from Mary. Paul may wonder who the heck this Mary person is and why she’s sending him a virus, but she was never involved.

From Mary’s perspective, you can see how frustrating it would be to be accused of something you had nothing to do with and have no control over.

Spammers have also been known to use other sources of email addresses, including database breaches, harvesting email addresses from public webpages, of even purchasing lists of email addresses from one another.

All means that the simple “friend of a friend” example I used with Peter, Paul, and Mary is just the tip of the iceberg. It’s certainly not the only way your email address could show up on a forged “From” line.

What’s important is simply this: one way or another, spam messages lie about who the sender is.

There’s nothing you can do

If someone accuses you of sending spam, and you are positive you did not do so, you have very little recourse other than to try to educate them about how viruses work.

Point them at this article if you like. But be clear: your machine is not necessarily infected with malware, nor is your account necessarily compromised. It’s some third party — the spammer — making all this happen. (Identifying that third party is difficult, which is why spammers use this technique.)

Email Hacked? 7 Things You Need to do NOW – Email-account theft is rampant. If it happens to you, there are several steps you need to take, not only to recover your account, but to prevent it from being easily hacked again.

This is a major update to an article originally posted January 27, 2004 – The issue is as relevant as ever with some tweaks to the focus on spam, as well as the addition of social media harvesting of relationships.

About Leo

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Comments

Talking about information being available in the headers… What are the chances that mail gateways and virus scanners become intelligent enough to know when a “From:” field is spoofed? I mean – the information is there about who the *actual* person is who sent it. Why not extract that? This could have a siginifcant impact on viruses specifically.

Is tehre any specific reason why this is *not* done? I can’t believe that nobody have thought about this before, so, there must be some reason for it not being like this…

Well, there are two problems: 1) *all* the information in mail headers can be spoofed – meaning you’re not guaranteed that you know who the actual person is. 2) Many mailers get it “wrong” … meaning that legitimate email can often not pass the type of test you’re talking about. Many mail servers have the ability to enable additional checking along those lines … when I turned that on on my server I started losing about 2% of *legitimate* email.

If there’s to be a real solution, IMO it needs to be with some fundamental protocol changes that will formally validate the sender. There are proposals out there, but wide scale adoption fo any is a way out, I think.

I’m not a lawyer, but … I don’t believe that the company who’s products are being sold is neccessarily liable … it’s the company that’s doing the advertising campaign (typically a third party). That being said, there are definitely proposals to go after the businesses being advertised … the problem is they can always claim “we had no idea, we hired these marketters over here”.

I own a domain … and, in that domain I have it set to receive all email that’s sent to ANYTHING @ mydomain.com. Well, this morning, I received 126 “returned mail” messages, and looking at the headers, I could see that they were sent “from” all sorts of different usernames @ mydomain.com. There was no rhyme or reason to the subject matter … some were spam-related, others seemed to definitely be virus-related. I guess my question is … Has my domain been compromised, or my email, or my computer? Or all of the above? I’ve turned off the feature on my website that forwards all email to me, no matter what the info before “@” is, but this will only make it so that I’m not bothered with the returned mail. It won’t fix the problem, right? Is there anywhere that I can report all this abuse? I obviously want to delete all the messages, but want to make sure first that there isn’t somewhere I can forward them. I mean, this IS illegal, isn’t it?

One thing you can do is to report the IP addresses. From the header of the emails you can get the IP address of the sender (https://www.xmyip.com/trace-mail). Next, you may find the “owner” of the IP address and report the abuse. The IPs are probably used by proxies or VPNs, but you should report the abuse to hosting providers. The chances that the abuser is blacklisted are higher. Also, you may report the IPs to https://www.abuseipdb.com/ and to https://www.spamcop.net/anonsignup.shtml.

It’s a classic case of *exactly* what this article is all about. You’ve not been compromised, it’s not your fault, and there’s nothing you can really do. Tracking is almost impossible, and there’s nowhere to report the level of information you do have. Sucks, I know. I’m in the same situation with a couple of domains. In my case my junk mail filter (Outlook 2003’s built in) works really well at filtering out the junk. I’ve noticed that many of the “bounces” are actually to a handfull of bogus addresses @ my domain. If your emailer supports any kind of rules, you could simply auto-delete mail sent to those addresses you know are bogus.

And yes, it’s illegal: there’s a virus writer out there that deserves some serious jail time, in my opinion.

I have been experiencing the problem with apparent unauthorized usage of my email (returned mail that I never sent). There are some other things that have occurred within the same time frame and I am wondering if they are related. By the way I have changed my email and computer passwords and the problems persist. The other things that happened are:
1. I was unable to change the internet options on IE6. An error message appeared saying that this was restricted and I should contact the system administrator (me!). This was corrected by going back a month with the system restore.
2. The other anomaly is that my Norton firewall keeps turning off and and the intrusion protections is also deactivated. The options in Norton are set so this should not happen. It does each time I reboot.
I run virus scans every few days and have never been “infected” according to Norton. I have had a few rejected emails and a few intrusion alerts.
Any suggestions would be appreciated. Thank you.

Well, there is a small chance you are still infected with a virus … not all scanners catch all viruses, and some viruses are good at hiding from the scanners. Try one of the other scanners (there are free on-line one’s that I’d use for this purpose), and see if they report anything.

Also spyware may be suspect as well. Especially for the IE behaviour you described. Grab a copy of Spybot or Ad-Aware and run those scans as well.

Same thing is happening to me as Heide above – except I’m getting fewer – about ten failed delivery notices each day relating to invented names at my own domain, plus a few ‘virus warning’ replies from other companies. If a virus is spoofing my email address how likely do you think it is that providers might put a block on mail from our domain, which would mean that our legitimate business mail wouldn’t get through? What would we do if this happens?

A friend of mine claims she has gotten some virus from me and I know I did not send one. I have McAfee virus protection, I have checked my computer for spyware, it shows no spyware on the computer. Could the friend possibly have gotten E-mail from me that I did not send?

someone has gotten into my ex boyfriends account, as well as mine… and has been sending emails and lying emails to my current boyfriend… how can i find out who is doing this. i have changed the password, as well as the ex changing his password, but the damage is done and theres nothing i can do about it now… how can i find out who did this??

Is it conceivable that someone could send an email from a Yahoo account without having access to the password or computer? An email originating from Yahoo was replied to with the format “name wrote:” + the text in the body of the reply. The account owner/email sender claims he has no knowledge of it and never sent it. How could that be possible? I appreciate any information. Thanks.

Well there is one thing known as Full Headers which contains many informations that might be helpful in locating the sender. Of course you will not be able to pin point a person, but still it can tell you about the geographical location and other info depending upon the email server and headers. If you get the IP address, one can use web sites like “VisualRoute” to trace its location.

Remember that when you use a IP tracing service, you are getting the location OF THE SENDER’S ISP, NOT THE SENDER. They could be in two completely different, unrelated, locations. For example all AOL senders look like they’re in Virginia (I think) because that’s where AOL is located.

Someone is sending very threatening emails using my email address through a website called deadfake.com. They have not actually hacked into my email acct. but are able to disguise theirselves as me by using my email address on this webisite which sends out the emails. I am receiving messages from people telling me that they are contacting the police due to ”my” threatening emails… it’s very scarey and I don’t know how to stop it.

Leo: I hope you have heard of this scam but if not here’s a new one for you. I am part of a committee that is putting on a high school reunion. The committee chair suggested I go to Yahoo.com and look into their “reunion groups” which I did. The only link they had to reunions was a website called “REUNIONS.com” to I clicked on the website. In order to access the information for your high school, you of course had to register, which I did. As I was looking at the information that they had, I thought I could use this information for say the next 90 days to get out notices to the people on Reunions.com list that went to my high school. So I paid by credit card 36 bucks for 90 days. When I hit submit, not only did they take my money but they stole my entire email address book from my computer!! without a password but I was signed in of course.
Within minutes I was receiving dozens of emails and phone calls from people livid about me giving out their email addresses, which I of course had to explain. This went on for two weeks! I wrote Reunion.com an angry note and told them they could keep my money (they had a no return policy anyway) and stick it where the sun didn’t shine. They still send me emails about who has been trying to contact me but I won’t open them as I am afraid that they will again steal my address book. I have changed my password. I don’t know who to pass this information on to, other than everyone on my email list. Is there a website I can report this to or do I go to the police? Got any suggestions? Thanks for your time.

I keep getting email on my windows mail and it says from me but in the right click property it says (may be forge)so do i need to report this to my ISP or not to worry .I can get the ip address on them.should I turn them in?

That’s a very common spam technique, and reporting it will do nothing. Delete it and move on with your life.

I gave my x-wife my email address with hopes she would not call me anymoe and that she would send me emails instead. I was just informed that she could now use my email address to sign up for porn sites and such. Is this true and how will I be able to prove she was the one that used my email address.

Depends on the site. Most will email you a link to confirm your signing up. Ignore that link. As long as she cannot read your email and respnd as you, you should be fine.

So much like everyone else, someone used by email address to send spam to everyone on my contact list. I changed my password, but still whenever I start a new email or hit reply to reply to an email sent to me, the spam message shows up in the new message I’m typing. I erase it before I start typing, but I’d like to fix my email so it stops automatically popping up at the start of all my emails. Help!

When I checked my e-mail inbox today, I found that there were about 20 “Delivery Status Notification (failure)” messages. When I opened them, they all contained the same message, and it seems they got sent to everyone in my contact list (200+ addresses).
I checked my “sent” messages list, and there was no trace that I (or someone who might have hacked my account) had even sent the messages in the first place. The only reason I noticed that this had happened is because some of the addresses in my contact list don’t exist anymore and the emails got bounced back to me.
I changed my password, but it seems more likely this is a virus problem. I have an up-to-date virus scanner, and it hasn’t picked any up. Any ideas?

hi..someone used my email & password to send an ‘obscene’ email to themselves..they are now taking me to court over this..i DID NOT SEND IT..i contacted my ISP they cannot help me as it was sent thru windows live account..how do i prove this in court..they deleted it from my ‘sent’ box but not from my ‘deleted item’s this is how i found it! i am furious! i need to prove it was sent from what ever computer they used & not mine at home as they dont reside with me even..can you please help..i need to prove them wrong..police cannot help it is a civil matter not criminal i asked them…any suggestions?

You need to talk to a tech-savvy lawyer. There may be ways to get the information (if the information you need exists at all), but I’m guessing you’ll need a court order to do so.

There have been several occassions where emails have been sent from my hotmail account to each individual in my address book; AND the emails are in my sent folder. All of these emails are some type of advertisement for a product or ‘store’. This doesn’t seem to fit the example above since the email is being sent from my address to the people in my address book. Would this signify that there is a virus on my computer (my virus scan shows nothing)? Or is it being done by the advertisers in the emails. If so, is there a way to do anything about it? Thanks.

You are correct, if the emails show up in your Sent Mail folder, this is very different: Your account has been compromised. Either someone has access to your account (change your password right away), or your PC has been compromized by a virus or spyware.

When I arrived at home this am,I had a e-mail from a buddy,It was bad but I never sent it.Furthmore another friend got all kinds of personal information about my kids.The only way they could have gotten this info was to be inside my computer.I am pretty computer savy and run anti-virus and check my ports But on this one I am lost.

When I get e-mails the person sending it to me immediately gets an e-mail saying it’s from me but they know it isn’t as it contains many spelling and grammer errors. This also happens with e-mails that I get from commercial entities and then I get an e-mail that says that I can’t reply to that address. I have virus protection but this is continuing. It seems it only does it once per sender as far as I can tell.

What if you have an ex-boyfriend that is a computer science major and this fool can crack your new password with this anti-software protection equipment?

When I change my passwords he seems to be able to retrieve them from remote locations, because he does not live with me.

Futhermore my incoming e-mails can be blocked, read, or deleted by him without my knowledge.

It is like a SPY.

What can I do to protect myself and my incoming e-mails.

Can he also stop or change my outgoing e-mails? Lately I have been sending copies of all outgoing e-mails to myself to ensure that I recieve them and hope that the other party shall recieve theirs as well.

I received an e-mail from a friend who said he suddenly went to Ireland, had been robbed, and needed a quick cash transfer to get back to the US. Just a loan, of course. The way it was written, I figured it wasn’t my friend, but for a brief moment, I wondered if it was true. Such are the results of a stolen e-mail address.

Hello, Leo. Recently, somebody has hacked into my hotmail account and sent the email of a simple link to all of my contacts. At first, I thought this was a mistake, but then it happened again, on March 10th, 2010. It even sent to emails that aren’t even in service anymore! Another thing that they did was send it to emails I have previously sent to, and one of them was the FOX Broadcasting email. I immediately changed my password after the second time, and I would like to know your views on this whole situation. Thanks for your time, Jessica.

Leo, I suspect that most of us did read your article. We’re all just hoping that it isn’t really true. My followup question may be outside your expertise, but is there anything that can be done by way of legal regulation? I must add though that I am also very wary of half-baked, “well-intended” reforms.

Oh, technically I’m sure it’s already illegal in the U.S., but having laws and having the resources to enforce them are two different things. Similarly, U.S. laws don’t apply outside of the country, and a vast majority of spam originates elsewhere.

My hotmail is sending emails to people by itself. I’m not sending them. It’s not sending it to my address book, just emails starting with the latter A so far. I havn’t opened any suspect emails. I keep getting postmaster error emails saying the address could not be found. In my sent items are all the emails that I did not send. What can I do?

My yahoo email account got hacked last week. I just deleted that email account and notified as many of my friends as possible to block all emails coming from that account. I didn’t want to just change the password. I thought it was time for a clean start with a new email account. I learned it is wise to change my password regularly.

whenever I try to send a message in my hotmail and hit the new to compose an e-mail there is already one message by a chinese company wich will go with my message if I don’t remove it. How can I get read this. Plse help.

Hi
recently I checked my email inbox and saw 5 failure notice from yahoo. When I saw my sent mail, there was some mails which were sent to many of my contact. The mails contented a webpage. when I click the webpage address, it open google.com. This mails are repeated again and again. My last use of net and yahoomail was at a coffee net. what should I do? I also changed my password immediately. would you mind helping me?
Thanks

There was an email in our “read” box that looked like it was opened by one of us. Neither one of us opened it and it shouldn’t of even been there. It said it was From my wifes address and sent To her cousin. Neither know anything about it and it contains personal info. How can this happen? Thank you.

I just sent you a question and to add to it is this. : The Sent area reads Thursday, Octber 3,2013
10:46:39 PM GMT -6:00 Guadalajara/ Mexico City/ Monterrey. So does this mean it was sent from Mexico? Neither party was in Mexico City. Thanks again.

Hi I have a problem with an email I sent. The email I sent was actually sent to one person and CC to a second person. However I received a reply from someone else on my contact list as if they were apart of the email but the reply came only to me. They were not part of that email however.I checked my sent messages and I saw that I didnt send it them but there is that reply from them under the same email. I don’t understand how that happened. Does that mean that the person not intended to receive the email did in fact get it?

Hi
A friend recently had her account hacked and it sent out one of those – I’m aboard and need money emails. I opened it but did not reply.
I am now however receiving emails in my SPAM folder saying “Hi I’m a cute sexy girl etc” but the email address is mine.
I have changed my email password to a 20 char one and my alternative address and my questions. However I am still receiving these emails and my password hasn’t been changed or reset. Should I ignore these or is my account still compromised?
Many thanks in advance.
David

Also, what probably happened is that the hackers didn’t get into your account. They probably just grabbed your email off her contact list, and added you to their spam lists. That’s a sad and unfortunate result of the world of email. All you can really do in that case is try to manage it. Leo has some good suggestions here:http://askleo.com/how_do_i_get_rid_of_all_this_spam/

I had long since deduced that the computers of certain of my friends were being “hijacked.” These of course were computers that were always on and connected to the internet. The ‘hijacking occurred at such times that they would be unlikely to be at the keyboard, but in bet asleep. My own computers if at all feasible are unplugged and the batteries released when not in use. In addition, the modem is unplugged. If not feasible, then the wireless is disabled. I pick up my e-mails through an IP rather than outlook express.
I had been getting forwarded e-mails from friends involving political issues, but any reply entered the black hole of D.C. I have an idea that the hijacker’s are not some foreign types, but real people associated with the government seeking to “turn” the American citizens for their own personal objectives. I counted two or three individuals involved. If three, then one appeared to promote the democratic party, one the replublican party, and one an unknown third party. This is a non-political profile of the observed content of the “forwarded” e-mails.

I’m pretty sure it wasn’t their computers that were being hacked, but rather that spam was being sent with their email address as the spoofed sender. If there was a hack at all, it sounds like it was their online account, and once again not their computer.

My email provider is accusing me of “suspected outbound spam activity” from my account without giving any proof of it. I know I do not spam anyone with this account, I am also pretty sure I haven’t been hacked or compromised.
I change the password but it doesn’t change anything, I always get these “images, codes challenges” to login. It’s very annoying.

In my opinion, if you’re email provider challenges you on these points, he should at least give proofs of these gratuitous accusations. I asked them but of course, they ignore my request.

What am I entitled to do and what can I do besides deleting my account and changing provider ?
Can I legally attempt an action for false accusation ?

That’s a legal question I can’t answer. I would absolutely make sure your machines are COMPLETELY malware free. Most often these types of “accusations” are the result of malware on your machine that’s part of a spam-sending botnet.

Hi Leo,
and thank you for your previous answer. Sorry to ask about legal matters.

I have checked with various up to date anti virus, anti malware programs to find spam-sending botnet, but none have been found.

Also, my email provider never answered to me when I asked for a log of all activities on my account since 15 days to check if there was any suspicious activity (of course, I am not the NSA, so they ignore my request :-)).

My question is: How do you find out if you are victim of hacking or spam-sending botnet on your email account.
And how technically can you find out, find the IP of the person using your email or the program doing so ?

Trying to find out about that, I suddenly ended up on a website stating me that my IP was starting by 10.xxx.xxx.xx, (a Private Ip Address Lan as you know). While, as you probably see it now, it is not at all this kind of address.

Is it related to my issue with emails and does that mean I am victim of some hacker accessing my PC ?

Bottom line is that spammers make a lot of money, or if their intent is to destroy – they can easily satisfy that. And stuff comes from countries all over the world that may or may not have a similar legal system as yours, or even the resources to do anything about it. So bottom line is that it becomes our responsibility to protect ourselves.

Hi Leo,
and thank you for your previous answer. Sorry to ask about legal matters.

I have checked with various up to date anti virus, anti malware programs to find spam-sending botnet, but none have been found.

Also, my email provider never answered to me when I asked for a log of all activities on my account since 15 days to check if there was any suspicious activity (of course, I am not the NSA, so they ignore my request :-)).

My question is: How do you find out if you are victim of hacking or spam-sending botnet on your email account.
And how technically can you find out, find the IP of the person using your email or the program doing so ?

Trying to find out about that, I suddenly ended up on a website stating me that my IP was starting by 10.xxx.xxx.xx, (a Private Ip Address Lan as you know). While, as you probably see it now, it is not at all this kind of address.

Is it related to my issue with emails and does that mean I am victim of some hacker accessing my PC ?

Several times in the past 5 years I have received a bunch of returned emails within a couple of days. I now ( think I) know that means that some crook has figured out my email password and is using my email account. Some of the addresses he sends to, using my email address, have been closed so the email is returned to me. I immediately go to my email account and change my email password. That stops all returned mail. The email provider has gotten more pro-active too and requires that I sign on with my password fairly often.

That doesn’t necessarily mean you were hacked, but it could be. It’s also possible for someone who knows your email address to falsely use it as their return address. To be on the safe side I’d follow the steps necessary to secure my email account after being hacked.Email Hacked? 7 Things You Need to do NOW

Unfortunately, if you haven’t been hacked, you won’t be able to stop getting those bounce messages because thy could simply continue to spoof your address to send emails.

I think someone has set up forwarding email addresses from my phone and i dont recieve my email to change password and someone has recently changed i dont know how to stop this its as if i have no control and someone has linked all my info plesase help been going on for some time i think they have set up multiple email addresses how can i check to see ifsomething is linked to my address want to clean it up not sure why i have no control

I’ve recently moved to gmail from yahoo because this kept happening to me (I haven’t closed the Yahoo address because some people still send me stuff there even though I told them not to). Its a little different to the situation you describe because emails are being sent to my contacts, not to random addresses. Yahoo records no sign in, nothing in my sent folder, and here’s the clincher – some of the emails that bounce back include the real senders IP address which turns out to be in Russia! I’ve emailed the ISP’s abuse address so who knows if they’ll do anything, (or even understand my email!), but its causing me embarrassment because my contacts are still getting spam from my old address. I can only think I must have been hacked in the past and someone downloaded my contacts (couldn’t be recently as I deleted them all).

This scam may not be Yahoo’s fault, but I do think their security is terrible and they really don’t seem to care. It does make me think though that servers must know Yahoo isn’t in Russia, so by comparing the IP to the return address they could instantly see its fake and could even automatically report it to the ISP instead of me having to do it. What do you think?

Can I also say I’m really impressed that you’ve answered so many of these comments. I’d suggest that you delete some of the questions where people haven’t read the article or are asking stupid questions as the discussion here is a bit too long and might put people off reading through to the end.

Unfortunately, closing the email account in question probably won’t solve the problem. The spammers already have the contact list and can continue to send out spam to those on the list and even continue to make it look as if it’s from you. The Russian IP number is the real sender of the email, and they can just make it look like it’s from Yahoo.

As for deleting not so relevant posts, you can imagine how long a process that would be. All of the new comments come up on a queue, so nothing is lost in the haystack of comments. Commenting on the title without reading the article is the norm on the Web nowadays. Ask Leo! commenters by and large are an exception to that.

This isn’t quite the same thing but I’ve recently noticed that some of the spam emails I’m receiving are headed ‘Charlie’ or ‘Ethan’ or various other names. What has me worried is that many of these names – more than seems coincidental – are the names of characters I’ve recently created in various screenplays and treatments I’ve been working on. Is it possible that my documents are being viewed remotely or that I have some kind of Trojan Horse on my system that is monitoring my keystrokes? I’d be interested to hear your thoughts.

A young college kid that I know needs some help. Her email was hacked as was her facebook account and malicious and untrue emails were sent in her name. She was reapplying for a job at a camp that she had this summer and the hacker harassed the camp for the past 2 months as well as any other jobs that she has applied for via email. She is in London, camp is in US. She changed her email and again, the harasser seemed to find this out as well. She will not be able to return unless this person is identified because there is too much info that needs to travel via the internet for this to be accomplished. I will encourage her to contact facebook and her ISP, however, are there any other suggestions? Does this change because it is now international? thanks.

Sounds to me like the malware sent her email address to the hackers and they are now sending spam using her email address. Unfortunately, there’s probably nothing else you can do about this other than stop using the account.

Dear Leo,
My email is also spoofed. But since I read your article, I am not going to repeat the other million questions that you already answered in your article. READ IT PEOPLE. THERE IS NOTHING YOU CAN DO.

However, I want to thank you. For a while, I thought that I had some kind of email virus, and have done everything I know how to do to clean my computer–even though it started during a period of time that I wasn’t even logged on to my computer.

Anyway, it is good to know that it is not my fault, I have nothing to do with it, and I can let it go.
I just wish I could figure out how to set up a rule to delete the tens of emails I get every day, without the possibility of losing a legitimate bounce back email. I will continue to try and figure it out. The problem is that I get so many, that I am losing sight of actual emails I need to respond to, as they are buried amidst that garbage.

Thanks again for the article. Good luck to us all.
p.s., not that I could find them anyway, but the header info.–on the few that include the original email in the bounce back–have very little info., accept to show a fake name in the “from” field. But if you want to find out Oprah’s secret, let me know. 🙂

I realize this is in reply to a 10-year old comment, but what I have done is proactively created the several email addresses I know I will want on the main servers, and just occasionally use them to keep them active.

Not cool for the others who share my name, but it does help protect my name.

I would also suggest this for parents also to protect the name and internet-never-forgets reputation of their children, even young ones. (Or especially young ones.)

Hello i have been recently accused of sending emails out and which i never do half of my friends receive it and my family as well i lost half of people on my Facebook but help i will tell you what do if you have version as an internet service provider when you on that email juts put it in spam change yr pass word as told and email as well do not use the same email address that happened to me mail bounces back my hacker was china i had received several threats from him and Chinese letter as i should have printed them out but how do these f**** sleep at night when using someone else information eventually i will expose all my hacker was coming at night started at 4:00 in the morning, when mail comes in go to spam and verizon will take care they send me all of the proof i need good luck irene stamelos.

Funny / not so funny that in the 11 years since this article was written it is still happening, I mean someone should be able to fiigure this out, and get it stopped. Seems the internet is geared for spammers to get away with anything, First why would / should ISP allow anyone to have an email address that mimmics say a banking instution ? Anyway.

I’v been having this same issue, someone using my email to send spam, it quite a problem as it is the email address connected to my website, and in the last couple of weeks I’ve been black listed twice, which means I can not even send emails to my real customers.

I am having the same trouble, spam emails from myself, they are using my email address and I changed my password and security questions but they are still getting in, the question is how? It says above there is little we can do about it, that does not help us really though does it, I am getting 15 emails a day from myself. I found and traced the address to North America by their ip address look up, but it seems that little is done about this. I reported it to my internet provider. They are using my email to send out crap. I have now asked also in martin lewis tech site as I dont know what else to do to stop this. Otherwise I will be getting this crap every single day if I cant stop it.

It’s actually very helpful to understand that little can be done, because you can then relax and stop letting it stress you out. You’ve changed your password and security questions so you can feel that you have secure control of your email. Hopefully you chose a secure password that is long and complex. You are tracing the IP addresses to various different locations which proves that these emails are not actually coming from your account. You are actually in no danger. One thing you may want to consider is routing your email through Gmail, which has an excellent spam filter and will likely prevent you from seeing these spam emails. Here’s an article on that: https://askleo.com/how_do_i_route_my_email_through_gmail/

Leo, I often tell people that spoofing is similar to someone putting an addressed envelope in a mailbox but using YOUR address as the return address. You can’t stop it, and you can’t stop the letter from being returned to you if it is returned not deliverable. It doesn’t make a difference who put the envelope in the mailbox, where they did it, or who they sent it to.

For some reason spoofing is really hard for many people to understand. The “envelope with a wrong return address” analogy often helps them get the picture.

you mention in spam emails that the isp address of the spammer can be known, so why isnt there an option of blocking all mail to your pc from that isp address? If this can be done, then it wont matter what email address the spammer uses from that particular pc

I have read through the items above and I have a related issue that doesn’t seem to be addressed here – if it is elsewhere on AskLeo I would appreciate a link to it. In my (actually my wife’s) case her contacts are getting emails which purport to come from her but are actually from other machines using here email address as the indicated sender. They all follow a single format, a short message in the subject line such as “FW: new message” with a single but different link in the body of the message. This must be intentional rather than a virus on some other machine somewhere, else why reference a bunch of different links in the body? I haven’t wanted to click on any of the links to invite malware which they may point too. Googling around I find a lot of people started getting these in August 2015, first in Germany, then the UK, and now a number of other countries. Do you have any related information?

If all of her contacts are getting emails that look like they are from her, then it indicates that her account was hacked and her contact list stolen. It could also easily happen if she forwards emails, or sends lots of “cc” email, and doesn’t use “bcc” to hide the addresses. If that’s the case, the lists on those emails could have been harvested by a hacker.

my most used email address cannot be used suddenly. I now found a strange new email address when trying to sort this out.
my email address is {email removed}
The email address is {email removed} (Tara)
What can I do to track this hack?

Today I received an email using a made-up email address with my name. This is horrible. Is there no way to stop dregs from doing this?
They actually received my email using the same address (test) so they are slimy and have nothing in life to keep them from being bored and harrassing people. Today I also had to organize my next cataract operation so that is distressing for me. At nearly 69 years of age this is appalling behaviour and to think there is no policing of the email internet yet? I have installed new security software so it has also cost me as a pensioner. I have spent my life doing good for others and there is no truth in ‘carma’ working here. However, I will not give up hope and hope this person (a male from USA or even France) certainly not a female as he is using a female identity name (Tara). I will use this character in my next book…!! Tara from Troveit in a distant place in USA who is not sure of his identity and has a crush on an old woman! Mmmm.

Someone I know (not a friend) used my email address to log into a CaringBridge website..used to pray for pastor’s wife who is having surgery today. Is there any way to stop this non-friend? Should I close this account and open another?

You can also mark any emails from Caring Bridge as spam and block their address. A well designed website wouldn’t allow anyone to use someone else’s email address to sign up. A well designed website would send a confirmation email to that address to check if it was the owner of that email address signing up. For example, Ask Leo! does this before adding someone to the mailing lists.

Just had this with a client in the Netherlands. In his case he also recently received about 20 undeliverable e-mails in Microsoft Outlook on his laptop. When we logged into Webmail at his internet provider’s website, we saw that somebody had been busy sending fake Netflix invoices with attachments from his e-mail account. I assume there were viruses in the attachments, I don’t know. Since his e-mail in Outlook is a POP account he had no idea what was going on in Sent in Webmail. He never looks at it. Luckily his internet provider KPN also sent a warning message the same day. I’m still puzzled how these guys managed to hack his account since he has a complicated password to get into Webmail. No way to guess that. We changed his password straight away and that was the end of it. So my advice would be to check the Sent folder in your Webmail, if you have a similar provider situation. And most important, change your e-mail account password straight away.

A new variation of this that I have noticed in the last year or so is one that uses email addresses that I know, but when I examine the _entire_ address, it only looks like one I know. I’ve even got these emails, which look like they are from me!

I finally have the aster to this one
I use outlook for my e mail account and set the setting filters to stop them altogether
I was simply annoyed at the amount of filth from men asking me if I needed a ‘hard’ one etc plus the offer of russian female ! plus lots more
I don’t get any in my junk mail or otherwise having set the filters to preclude them

This article isn’t talking about receiving spam. It’s talking about spammers sending email using your email address to send spam. It the same thing as a person sending snail mail and using your address as the return address. There’s no way to stop that.

If you have your own domain name and you find that someone is spoofing one or more of your e-mail addresses, then getting your hosting provider to add a “SPF” DNS entry to your domain will help. Any receiving mail server which is configured to run SPF checks on incoming mail will be able to verify whether the sending server is authorised to send from the domain. If the server from which the mail originates is listed in the SPF record, then the mail will be accepted. If not, then the mail will be rejected.

Hey Leo I was playing minecraft lifeboat server and someone told me that there brother was hacking me. I went to another server and forgot about it. But then minecraft got updated and everything changed. So now I need to log in to Xbox live to access it. I tried it and it said that someone has been spam emailing off my email and that is against the Microsoft code or something…..?

I had this problem with my hotmail account. I was getting 20 phishing emails a day (Viagara, Bitcoin etc) all supposedly sent by ME as {email removed} into my own account. These emails cannot be blocked. Hotmail staff advised me to ignore as them as they go to JUNK and are deleted after some time. The real emails (often containing valuable personal data from banks, telcos, employers and the like) also get deleted by me by choice. The problem was that ALL these supposedly deleted files can still be ‘recovered’ should any hacker actually take control of my account. They can only be deleted by individually ‘purging’ each email from the recovery cache. Closing the account is not ideal. Not only do I lose all the account features (Skype, Calender, Contacts etc) but my email account can later be taken up by a spammer and used legitimately — global scams with my name Fred Smith attached!

What to do? I found the trick.

(1) Sign into your account at {email removed}
(2) Go to your account details via your name at top right of page. It will produce the Microsoft dashboard.
(3) Choose MyInfo tab and weblink “Manage your sign in email or phone number.” Confirm your identity. Your email address will be on view.
(4) Add a new account alias (something innocuous such as {email removed}). Make this the primary account identity.
(5) Remove the previous email account access {email removed}
(6) Tell your banks and friends of your new email address as {email removed}.

Job done! No more hideous spam sent to you in your own name. And your regular users can still send to your account.

Based on the date of the first couple of comments, this article was written almost 13 years ago. Just curious, has anything changed? Someone is spoofing my email address and I have received more than 10,000 bounced and returned emails. I set my spam filter to capture all of the returns coming from my server, but I still deal with the bounces and out of office messages on a daily basis. It’s been going on for about three weeks now. I wouldn’t even mind paying someone to find this *person* and deactivate their equipment…. Anyway, am I still at the mercy of whenever they decide to move onto a new victim or will that never happen and will I need to change my email address?

SUCCESS – I just wanted to circle back and add an update. As earlier explained, my email was being hosted by a friend (as a favor to me, at no cost) who runs a business and hosts his own website on rented server space. Someone spoofed my email address as the return email address for their spam operation and I was receiving thousands of bounced email. Based on one of the recommendations in this thread I changed my email service to, in this case Register.com, and the problem subsided ($60/yr well spent). I’m not sure if, as LennonZA suggests, the spoofed email is being rejected and the spoofer has moved on to another victim, or if the new service is capturing the bounces and preventing them from hitting my account. Either way, hosting my email account with an email service vice hosting it myself provided added protections for me that solved my problem. Additional information, I was already using MX Guard Dog to combat the annoying spam directed at me, and they were not successful in protecting my email address from being spoofed. Hope this helps someone in a similar situation.

Free Newsletter!

Subscribe to The Ask Leo! Newsletter and get a copy of The Ask Leo! Guide to Staying Safe on the Internet – FREE Edition. This ebook will help you identify the most important steps you can take to keep your computer, and yourself, safe as you navigate today’s digital landscape.

Then each week in The Ask Leo! Newsletter you’ll get even more tips, tricks, answers and ideas to help you use your technology more effectively and stay safe doing so.